| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: How to keep "root" out?
Thursday, August 28, 2003, 11:34:27 AM, Walter wrote:
WK> We have a couple people in our Unix admin group that feel the need to "help" by WK> writing their own DB monitoring scripts. Of course, they don't know what they're WK> talking about.
Why, the dasterdly do-gooders! How dare they!<grin>
You know, one approach, and some might see this as heretical, is to simply give them a "safer" login that lets them query the V$ views. I'd probably let a sys admin look at those if he/she really wanted to, though I've been fortunate to always work with admins I trust not to go off the deep end and actually change anything without talking to me first.
I've given developers access to V$ views on development and test instances. That never caused me any problems or grief.
So you give your sys admins access, and you make it very clear that *you* are the DBA, and that if they find something significant, they should come to you about it; they should not make changes themselves. A good sys admin ought to understand that. After all, they are in much the same boat. They don't want you mucking about too much with the o/s.
I wouldn't try to fight this battle by attempting to lock them out of your database in a technical manner, such as via a password protection. After all, they are the sys admins, and they can pretty much do anything. I'd approach this as a management issue. It is a management issue. Go to your management and point out that *you* are the DBA, that *you* have bottom-line responsibility for the databases, and make a case that your sys admins are abusing their privileges, and thereby compromising your ability to maintain a stable database environment. A good manager will understand that.
But first I'd try to work with my sys admin in a more friendly manner. If he just wants to monitor, and is willing to commit to not making a *change*, then why not let him have at it? He might learn something about Oracle and become a useful ally. Or he might lose interest after awhile.
Best regards,
Jonathan Gennick --- Brighten the corner where you are http://Gennick.com * 906.387.1698 * mailto:jonathan@gennick.com
Join the Oracle-article list and receive one article on Oracle technologies per month by email. To join, visit http://four.pairlist.net/mailman/listinfo/oracle-article, or send email to Oracle-article-request_at_gennick.com and include the word "subscribe" in either the subject or body.
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Jonathan Gennick
INET: jonathan_at_gennick.com
Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services ---------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Thu Aug 28 2003 - 11:49:28 CDT
 |
 |